Skip to main content

Understanding the User Invitation Process in Invariant

Inviting users is the primary way to bring new individuals into your Invariant Technology workspace. This process is designed to be secure and straightforward, involving distinct steps for both the administrator issuing the invitation and the recipient. Understanding this flow helps ensure a smooth onboarding experience.

The Lifecycle of an Invitation

An invitation typically goes through several stages:

  1. Initiation (by Administrator):

    • An administrator with the appropriate permissions navigates to the user management section within Invariant Settings.
    • They select an option like "Invite External User" or "Add User."
    • The administrator provides the email address of the individual they wish to invite.
    • Upon submission, Invariant Technology generates a unique invitation and sends it to the specified email address.

  2. Pending (Invitation Sent):

    • Once the email is sent, the invitation is in a "pending" state.
    • The system may track these pending invitations, allowing administrators to see who has been invited but has not yet accepted.
    • The invitation email contains a unique link that the recipient must use to proceed.

  3. Acceptance (by Invited User):

    • The invited individual receives the email from Invariant Technology.
    • They must click the unique link within the email. This action signifies their intent to accept the invitation.
    • Security Note: Invitation links are typically designed for one-time use by the intended recipient to prevent unauthorized access.

  4. Account Setup & Activation (by Invited User):

    • Upon clicking the invitation link, the user is usually directed to a page where they complete their account setup. This typically involves:
      • Confirming their email address (often implicitly done by clicking the link).
      • Creating a password: If the workspace allows password-based authentication and the user is not being onboarded directly via OIDC.
      • OIDC Onboarding: If the workspace primarily uses OIDC, the user might be redirected to the Identity Provider (IdP) to authenticate or create an account there if they don't already have one linked. Their Invariant account is then provisioned based on the IdP's authentication.
      • Agreeing to any terms of service.
    • Once these steps are completed, their user account in Invariant Technology is created and becomes active.

  5. Post-Activation:

    • The user can now log in to the Invariant workspace.
    • Initial Permissions: The user's initial level of access and permissions might be based on default roles or may require further configuration by an administrator after the account is active. It's important to remember that accepting an invitation and creating an account doesn't automatically grant full access to all features.

  6. Expiration/Revocation (Possible States):

    • Expiration: For security reasons, invitation links may have an expiration period. If not accepted within this timeframe, the link becomes invalid, and a new invitation might need to be sent.
    • Revocation: Administrators may have the ability to revoke a pending invitation before it's accepted if circumstances change.

Key Considerations for Invitations

  • Email Accuracy: The entire process hinges on the administrator providing the correct email address for the invitee. Typos can lead to undelivered invitations or, worse, invitations sent to the wrong person.
  • Email Delivery: Ensure that emails from Invariant Technology are not being caught by spam filters on the recipient's end. Advise invitees to check their spam/junk folders if they don't receive the invitation promptly.
  • User Communication: It's often helpful for the inviting administrator to give the invitee a heads-up that an invitation email is coming, so they know to expect it.
  • Impact of Security Policies: Workspace security policies, such as "Allow New External Collaborators," directly determine whether invitations can be sent to users outside a managed domain.

By understanding these mechanics, both administrators and invited users can navigate the invitation process more effectively, leading to a smoother and more secure onboarding into your Invariant Technology workspace.